How could that happen to such an ostensibly security-conscious crowd?
According to that e-mail, somebody forgot to apply an already-released
patch to server software running on a secondary area of the site -- an
exceedingly common "d'oh!" moment in the business, unfortunately.

(Firefox browser users need not freak out because of the news; Spread
Firefox is separate from the development of the browser itself.)